Forum Discussion

Wand_97484's avatar
Wand_97484
Icon for Nimbostratus rankNimbostratus
Sep 13, 2013

APM ClientCert to Kerberos Transition - parsing SubjectAlternateName in Variable assign

Hi,   I'm currently setting up different APM profiles to test Kerberos Protocol Transition. LDAP Auth to Kerberos works RSA SecurID to Kerberos works Client Certificate to Kerberos - does not work...
BIG-IP Access Policy Manager (APM)
security
Jason_Rowland_4's avatar
Jason_Rowland_4
Historic F5 Account
Jan 12, 2016

You can achieve the same result with a Variable Assign action in the Access Policy configured with the following values:

 

session.logon.last.domain = expr { [lindex [split [mcget {session_variable_with_user@domain}] "@"] 1] }

 

session.logon.last.username = expr { [lindex [split [mcget {session_variable_with_user@domain}] "@"] 0] }

 

In my case I wanted to populate the Username and Domain session variables from the "session.saml.last.identity" session variable which is created on the APM SAML SP after completing IdP authentication. The above syntaxes in a Variable Assign populated the Username and Domain session variables with the desired information.

 

  • Jason